[20146] in bugtraq
Re: ntp-4.99k23.tar.gz is available
daemon@ATHENA.MIT.EDU (stanislav shalunov)
Wed Apr 11 03:46:14 2001
Message-ID: <87bsq469h3.fsf@cain.internet2.edu>
Date: Tue, 10 Apr 2001 11:49:28 -0400
Reply-To: stanislav shalunov <shalunov@INTERNET2.EDU>
From: stanislav shalunov <shalunov@INTERNET2.EDU>
X-To: Chiaki Ishikawa <Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200104101414.XAA03442@sparc18.personal-media.co.jp>
Chiaki Ishikawa <Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP> writes:
> Has anyone tested the exploit against embedded ntp implementations
> such as in Cisco router, for example, to see if the daemon would
> misbehave, etc.?
I couldn't do anything to the NTP implementation of a Cisco router
here with the stock "ntpdx" exploit as it was posted. (It doesn't
crash, it doesn't exhibit same heap corruption as xntpd v3.)
Which, of course, doesn't mean IOS isn't vulnerable.
Crafting an exploit that would do something useful (as opposed to make
the router stop serving time) would be quite difficult though without
IOS internals knowledge, so there's some consolation here.
--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
Sex is the mathematics urge sublimated. -- M. C. Reed.
